问题描述
自从最终设法按照文档此处
很明显,该API使用的是OAuth 2.0,这就是为什么我希望发送 grant_type
, client_id
, client_secret
和 expires_in
(如果我未指定这些字段之一,则API会成功告诉我它丢失了).
现在我遇到的问题是我必须生成的OAuth 1.0授权标头,而Postman似乎没有问题,但是尝试在PHP中这样做,我只是从API返回了一个错误关于签名不匹配:
array:6 ["errorId" =>错误-fde4f0f1-9d5c-43fd-80eb-056cbf2c3259""httpStatus" =>401"errorCode" =>401300消息" =>签名不匹配.授权签名或客户端凭据错误."错误" =>"invalid_client""error_description" =>错误代码:'401300'.签名不匹配.授权签名或客户端凭据错误."]
我尝试了各种调试,其中很多给了我不同的错误,然后我继续尝试重新调试,因此签名必定是问题所在.
我创建了以下类此处来处理生成标头,并从 guzzle/oauth-subscriber
包中的类.
以下是正在生成的请求标头的示例:
array:2 ["Content-Type" =>应用程序/x-www-form-urlencoded"授权" =>"OAuth oauth_consumer_key =" XXXXXXXXXXXX,oauth_signature_method =" HMAC-SHA256,oauth_timestamp =" 1583629976,oauth_nonce =" Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56,oauth_version =" 1.0,oauth2%2%3%2%2%D2%3%B2%D2%2%D2%2%D2%D2%1%B9C]
和请求正文:
array:4 ["grant_type" =>"client_credentials""client_id" =>"XXXXXXXXXXXX""client_secret" =>"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX""expires_in" =>87000]
已替换敏感详细信息,但 consumer_key
是正确的,并且与 client_id
的值相同,并且 consumer_secret
和 client_secret
无论我如何尝试更改 signUsingHmac()
方法以更改签名,它都行不通,对我来说一切正常D:
有人有什么主意吗?
如果我能很好地工作,我会将其拉入包中,以减轻PHP中对该API的身份验证的痛苦.
我尝试完全按照文档,但是不幸的是它仍然没有用,这是我的 $ baseString
传递给hash方法时的样子:
我还创建了一个新的要旨此处及其更新,以创建此 $ baseString
干杯,马特
我创建了一个可行的要点.一些建议:
- 所有值都必须为urlenconde()
- 您需要使用的字符串对于signign,请求需要包括:method(大写)&网址(urlecode)&参数列表(URL编码)
- 签名密钥是您的消费者密钥秘密(urlencode),后跟& .这是因为通常您的签名密钥需要我的消费者秘密和保密信息.秘密令牌.在这种情况下,我们没有秘密令牌
对于您的签名基本字符串的参数列表,您需要包括所有oauth_参数和grant_type,因为您还需要包括body参数.这些键的排序至关重要
一些代码PHP代码:
$ keyId = getenv('HERE_API_KEY_ID');$ keySecret = getenv('HERE_API_KEY_SECRET');$ httpBody = ["grant_type" =>"client_credentials"];$ httpMethod ="POST";$ httpUrl ='https://account.api.here.com/oauth2/token';$ oauthNonce = mt_rand();$ oauthTimestamp = time();$ oauthSignatureMethod =" HMAC-SHA256;$ oauthVersion ="1.0";$ baseString = $ httpMethod.&".urlencode($ httpUrl);$ oauth1Param = ['oauth_consumer_key'=>$ keyId,'oauth_signature_method'=>$ oauthSignatureMethod,'oauth_timestamp'=>$ oauthTimestamp,'oauth_nonce'=>$ oauthNonce,'oauth_version'=>$ oauthVersion];$ paramString ="grant_type = client_credentials&"."oauth_consumer_key =".urlencode($ oauth1Param ['oauth_consumer_key']).& oauth_nonce =".urlencode($ oauth1Param ['oauth_nonce']).& oauth_signature_method =".urlencode($ oauth1Param ['oauth_signature_method']).& oauth_timestamp =".urlencode($ oauth1Param ['oauth_timestamp']).//& oauth_token =".& oauth_version =".urlencode($ oauth1Param ['oauth_version']);echo $ paramString.PHP_EOL;$ baseString = $ baseString.&".urlencode($ paramString);回声$ baseString.PHP_EOL;$ signingKey = urlencode($ keySecret).&";$ signature = urlencode(base64_encode(hash_hmac('sha256',$ baseString,$ signingKey,真的)));$ oauth1Param ['oauth_signature'] = $ signature;回显运行时签名:".$ signature .PHP_EOL;
我创建了一个有效的GIST,您唯一需要更改的就是$ keyId和$ keySecret. https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971
>该文档非常有用: https://developer.twitter.com/zh-CN/docs/basics/authentication/oauth-1-0a/creating-a-signature
I've been trying to get my PHP application to create a successful token request since finally managing to get it working with Postman as per the docs here
Apparently the API is using OAuth 2.0 which is why I expect to send up grant_type
, client_id
, client_secret
and expires_in
(if I don't specify one of these fields then the API will successfully tell me it is missing).
Now the problem I am having is with this OAuth 1.0 Authorization Header that I am having to generate, which Postman seems to have no issues doing so, however trying to do it in PHP I am just getting an error returned from the API about a signature mismatch:
array:6 [
"errorId" => "ERROR-fde4f0f1-9d5c-43fd-80eb-056cbf2c3259"
"httpStatus" => 401
"errorCode" => 401300
"message" => "Signature mismatch. Authorization signature or client credential is wrong."
"error" => "invalid_client"
"error_description" => "errorCode: '401300'. Signature mismatch. Authorization signature or client credential is wrong."
]
I've tried various debugging, a lot of which gives me different errors then I keep landing back on this one so the signature must be the problem.
I created the following class here to handle generating a header, getting some guidance from the class in the guzzle/oauth-subscriber
package.
Here is an example of the request headers being generated:
array:2 [
"Content-Type" => "application/x-www-form-urlencoded"
"Authorization" => "OAuth oauth_consumer_key="XXXXXXXXXXXX",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1583629976",oauth_nonce="Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56",oauth_version="1.0",oauth_signature="G7%2B5f2v2Kdx3rp%2B28DcuJRBvhi9H7fHC1mFLqJIgmMc%3D""
]
And the request body:
array:4 [
"grant_type" => "client_credentials"
"client_id" => "XXXXXXXXXXXX"
"client_secret" => "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
"expires_in" => 87000
]
Sensitive details replaced but consumer_key
is correct and thats the same value as client_id
and the same goes for consumer_secret
and client_secret
No matter how I try and alter the signUsingHmac()
method to change the signature, it doesn't work and it all looks fine to me D:
Anyone got any ideas?
If I can get this working nicely I will pull it out into package to make the auth for this API in PHP a lot less painful.
EDIT:
I tried forming the signature exactly like shown in the docs here but to unfortunately it still hasn't worked, this is what my $baseString
looked like when passing into the hash method:
POST&https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&grant_type%3Dclient_credentials%26oauth_consumer_key%3DXXbXbXbXbXbXbXb%26oauth_nonce%3DrZNNSZGOOIHFFtLboCjdAheCmKJmOYSp%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1583640503%26oauth_version%3D1.0
I've also created a new gist here with my updates to create this $baseString
Cheers,Matt
I created a gist that works.Some suggestion:
- all values need to be urlenconde()
- the string that you need to usefor signign the request needs to include: method (uppercase) & URL(urlecode) & list of parameters (url encoded)
- the signing key is your consumer key secret (urlencode) followed by &. This because usually your signing key needs to me consumer secret & secret token. In this case we don't have secret token
For the list of parameters for your signature base string you need to include all oauth_ parameter and your grant_type because you need to include also the body parameter. The sorting of these keys is crucial
some code PHP code:
$keyId = getenv('HERE_API_KEY_ID');
$keySecret = getenv('HERE_API_KEY_SECRET');
$httpBody = [
"grant_type" => "client_credentials"
];
$httpMethod = "POST";
$httpUrl = 'https://account.api.here.com/oauth2/token';
$oauthNonce = mt_rand();
$oauthTimestamp = time();
$oauthSignatureMethod= "HMAC-SHA256";
$oauthVersion = "1.0";
$baseString = $httpMethod."&". urlencode($httpUrl);
$oauth1Param = [
'oauth_consumer_key' => $keyId,
'oauth_signature_method' => $oauthSignatureMethod,
'oauth_timestamp' => $oauthTimestamp,
'oauth_nonce' => $oauthNonce,
'oauth_version' => $oauthVersion
];
$paramString =
"grant_type=client_credentials&".
"oauth_consumer_key=". urlencode($oauth1Param['oauth_consumer_key']).
"&oauth_nonce=". urlencode($oauth1Param['oauth_nonce']).
"&oauth_signature_method=". urlencode($oauth1Param['oauth_signature_method']).
"&oauth_timestamp=". urlencode($oauth1Param['oauth_timestamp']).
// "&oauth_token=".
"&oauth_version=". urlencode($oauth1Param['oauth_version'])
;
echo $paramString.PHP_EOL;
$baseString = $baseString . "&" . urlencode($paramString);
echo $baseString . PHP_EOL;
$signingKey= urlencode($keySecret) . "&";
$signature = urlencode(
base64_encode(
hash_hmac(
'sha256',
$baseString,
$signingKey,
true
)
)
);
$oauth1Param['oauth_signature'] = $signature;
echo "RUNTIME SIGNATURE : " . $signature .PHP_EOL;
I create a GIST that works, the only thing that you need to change is $keyId and $keySecret.https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971
This documentation was very useful: https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a/creating-a-signature
这篇关于HERE REST API OAuth 2.0令牌请求(带有1.0标头)错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!